AD-A253  747 


lllil  ill  lllli  I 


& 


DOT/FAA/SE-92/2 


o 


US  Department 
of  Transportation 

Federal  Aviation 
Administration 


National  Airspace 
System 

System  Effectiveness 
Operational  Concept 
NAS-SR-138 


This  document  is  disseminated  under  the  sponsorship  of  the 
U.S.  Department  of  Transportation  in  the  interest  of 
information  exchange.  The  United  States  Government  assumes 
no  liability  for  its  contents  or  use  thereof. 


Technical  Report  Documentation  Poge 


1.  Report  No.  ^ 

DOT/FAA/SE-92/2 

2.  Government  Accession  No. 

3.  Recipient's  Co'olog  No. 

4.  T i ft*  and  Subtitle 

National  Airspace  System 

System  Effectiveness  Operational  Concept 

NAS-SR-138 

5.  Report  Dote 

April  1992 

6.  Performing  Organization  Code 

8.  Performing  Organization  Report  No. 

7.  Author'*) 

William  Trent,  Thomas  Pickerell,  Harold  Nelson,  Jr. 

9.  Performing  O»gonizotion  Nome  and  Addre** 

Computer  Resource  Management,  Inc. 

950  Herndon  Parkway,  Suite  360 

Herndon,  VA  22070 

10.  Work  Unit  No.  (TRAIS) 

\  \ .  Contract  or  Grant  No. 

DTFA01-91-Y-01004 

13.  Type  of  Report  and  Peri oo  Covered 

12.  Sponsoring  Agency  Nome  and  Address 

U.S.  Department  of  Transportation 

Federal  Aviation  Administration 

1  800  Independence  Ave.,  SW 

|  Washington,  DC  20591 

14.  Sponsoring  Agency  Code 

ASH-300,  Thomas  Higgias 

15.  Supp  1  emenl ary  Notes 

16.  Abstract 


A  requirement  for  the  National  Airspace  System  (NAS)  is  to  provide  for  system  effectiveness  as  identified  in  the 
NAS  System  Requirements  Specification  (NASSRS). 

This  operational  concept  is  one  of  many  high  level  documents  that  will,  in  total,  describe  the  operation  of  the  NAS 
when  the  projected  upgrade  is  complete  (i.e.,  "end  state").  These  documents  will  assist  in  linking  the  requirements 
specified  in  the  NASSRS  with  the  NAS  design.  This  particular  concept  describes  system  effectiveness  as  described 
in  paragraph  3.8  of  the  NASSRS,  including  the  following  four  paragraphs:  3.8.1  Operational  Readiness, 
3.8.2  Response  Times,  3.8.3  Immediate  Backup,  and  3.8.4  Security. 

This  concept,  and  the  other  seven  operational  concepts,  will  complete  the  description  of  the  system  requirements 
as  described  in  the  NASSRS. 

The  eight  operational  concepts  are:  Communications  (NAS-SR-136);  Navigation  (NAS-SR-134);  Monitoring 
(NAS-SR-133);  Maintenance  and  Support  (NAS-SR-137);  System  Effectiveness  (NAS-SR-138);  Air  Defense  (NAS- 
SR-135);  Flight  Planning  (NAS-SR-131);  and  Traffic  Control  and  Airspace  Management  (NAS-SR-132). 


17.  Key  Words 

Operational  Readiness 

Response  Times 

Immediate  Backup 

Security 

18.  Distribution  Stotement 

Document  is  available  to  the  public  through 
the  National  Technical  Information  Service 

Springfield,  VA  22161 . 

19.  Security  Clossif.  (of  this  report) 

20.  Security  Clossif.  (of  this  poge) 

21*  No.  of  P  oge  » 

22.  P>>c« 

UNCLASSIFIED 

UNCLASSIFIED 

49 

Form  DOT  F  1700.7  (8-72) 


Reproduction  of  completed  poge  authorized 


TABLE  OF  CONSENTS 


Page 


LIST  OF  FIGURES .  ill 

LIST  OP  TABLES .  ill 

1.1  Background .  1-1 

1.2  Objective .  1-1 

1.3  Scope .  1-1 

1.4  Methodology  ..........  .  1-2 

1.5  Document  Organization  .  1-3 

2.0  OPERATIONS .  2-1 

2.1  Support .  2-1 

2.1.1  Operational  Readiness . 2-1 

2.1.2  Response  Times .  2-2 

2.1.3  Immediate  ACF  Backup .  2-2 

2.1.4  Security .  2-4 

2.1.5  Posit ions/Systems/Functions  .  2-4 

2.2  Information .  2-7 

2.2.1  Backup  ACF  to  Adjacent  ACF .  2-7 

2.2.2  Backup  ACF  to  Adjacent  ATCT .  2-8 

2.2.3  Backup  ACF  to  Adjacent  Military  Facilities  .  2-8 

2.3  Functions . 2-8 

2.3.1  ACF  NAS  Operations  Manager/Systems  Engineer  (Position  35)  ...  2-8 

2.3.2  ATCT  Data  Systems  Specialist  (Position  36) .  2-10 

2.3.3  AMCC  Specialists/NAS  Area  Specialists  (Position  24)  .  2-12 

2.3.4  GNAS  Maintenance  Control  Center  (GMCC)  Specialist  (Position  24)  .  2-14 

2.3.5  Traffic  Management  Specialist  (Position  13)  .  2-14 

2.4  Correlation  of  Operational  Requirements  .  2-17 

2.5  Operational  Sequence  .  2-17 

2.5.1  Failed  ACF  Operational  Sequence  .  2-17 

2.6  Operational  Scenario  .  2-20 

2.6.1  Failed  ACF  Operational  Scenario  .  2-20 

APPENDIX  I,  NAS  Service  Functional  Categories  .  1-1 

APPENDIX  II,  NAS  Response  Time  Requirements  (In  Seconds)  .  II-l 

REFERENCES .  RE-1 

GLOSSARY .  GL-1 

ACRONYMS/ABBREVIATIONS  .  AA-1 


* 


i 


LIST  OF  FIGURES 


FIGURE  HUMBER  PAGE 

^2-1  OVERVIEW  OF  NAS/USER  INTERFACES  FOR  SYSTEM  EFFECTIVENESS  ....  2-5 

2-2  SYSTEM  EFFECTIVENESS  OPERATIONAL  BLOCK  DIAGRAM  .  2-6 

2-3  ACF  OPERATIONS  MANAGER/ SYSTEM  ENGINEER  OPERATIONAL  FLOW  DIAGRAM  2-9 

2-4  ATCT  DATA  SYSTEM  SPECIALIST  OPERATIONAL  FLOW  DIAGRAM .  2-11 

2-5  ACF— MCC  (AMCC)  SPECIALIST  OPERATIONAL  FLOW  DIAGRAM .  2-13 

2-6  GNAS-MCC  (GMCC)  SPECIALIST  OPERATIONAL  FLOW  DIAGRAM  .  2-15 

2-7  TRAFFIC  MANAGEMENT  SPECIALIST  OPERATIONAL  FLOW  DIAGRAM  .  2-16 

2-8  FAILED  ACF  OPERATIONAL  SEQUENCE  DIAGRAM  .  2-19 

2-9  FAILED  ACF  OPERATIONAL  SCENARIO  DIAGRAM  .  2-21 


LIST  OF  TABLES 


TABLE  NUMBER  PAGE 

2-1  SYSTEM  EFFECTIVENESS  OPERATIONAL  REQUIREMENTS  CORRELATION  .  .  .  2-18 

I- 1  NAS  SERVICE  FUNCTIONAL  CATEGORIES  .  1-2 

II- l  NAS  RESPONSE  TIME  REQUIREMENTS  (IN  SECONDS) .  1 1-2 


BTIc^n,87ECTEEif 


ii 


1.0  INTRODUCTION 


1.1  Background 

National  Airspace  System  (NAS)  equipment,  systems,  installations,  and 
facilities  must  be  designed  to  ensure  that  they  perform  intended  functions 
under  any  foreseeable  operating  conditions.  The  NAS  shall  meet  the 
user/specialist -related  measures  of  effectiveness  described  in  the  following 
sections.  Compliance  with  these  requirements  shall  be  proven  by  analysis  and, 
where  necessary,  by  appropriate  simulation  or  test. 

The  National  Airspace  System  System  Requirements  Specification  (NASSRS),  NAS- 
SR-1000,  is  the  top  level  system  requirements  document  for  the  NAS.  The 
contents  are  a  compilation  of  required  operational  capabilities  for  the  NAS  as 
envisioned  to  exist  when  the  NAS  Plan  (Capital  Investment  Plan)  is  fully 
implemented.  The  primary  intention  of  NAS-SR-1000  is  for  FAA  internal  use  as 
a  management  tool  in  support  of  the  NAS  design,  engineering,  acquisition 
activities,  and  control  of  change  to  the  NAS  operational  requirements. 

This  operational  concept  document  has  been  developed  using  an  established 
standard  format  and  is  consistent  in  structure  with  a  series  of  operational 
concepts  written  about  various  sections  of  the  NASSRS. 

1.2  Objective 

The  objective  of  this  operational  concept  is  intended  to  define  system 
effectiveness  in  the  future  NAS.  This  is  the  total  NAS  viewed  as  a  complete 
system  as  presently  approved  as  of  the  date  of  this  operational  concept 
document.  It  is  intended  to  be  a  descriptive  document  which  provides  FAA 
management  and  technical  personnel,  as  well  as  user  organizations,  with  a 
clear  understanding  of  system  effectiveness  within  the  NAS.  More 
specifically,  the  objective  of  this  document  is  to: 

Provide  a  common  operational  perspective  across  those  subsystems, 
operators,  and  users  that  provide  system  effectiveness. 

Show  the  interrelationship  between  subsystems,  facilities,  information, 
and  operators /users . 

1.3  Scope 

This  operational  concept  describes  how  system  effectiveness  is  provided  in  the 
NAS  as  outlined  in  Section  3.8  of  the  NASSRS.  The  operations  described  are 
limited  to  those  associated  solely  with  system  effectiveness.  The  names 
assigned  to  the  specialists  who  perform  these  operations  are  based  on  the 
primary  functions  performed.  While  these  names,  which  are  based  on  today's 
operations,  may  change  as  the  NAS  evolves,  the  functions  performed  should  not. 

The  specific  paragraphs  in  the  NASSRS  Section  3.8  are  as  follows: 

3.8  System  Effectiveness 


3.8.1.  Operational  Readiness 

3.8.1.  A  Categorization  of  Impact  of  Loss  of  Service 

3.8. 1. B  Definition  of  Function  Availability 

3.8.1. C  Limitation  of  Impact  of  a  Single  Failure 

3.8.1. D  Maximum  Duration  of  Loss  of  Service 

3.8. 1. B  Maximum  Frequency  of  Loss  of  Service 
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3.8.2  Response  Times 

3.8.3  Immediate  Backup 

3. 8. 3.  A  Air-to-Ground  Communications 

3.8.3. B  Ground-to-Ground  Communications 

3.8.3. C  Availability  of  Surveillance  Data 

3.8.3. D  Critical  Data 

3.8.3. E  Exchange  of  Status  Information 

3.8.3. F  Operational  Reconfiguration 

3.8.3. G  Terminals 

3.8.3. H  Backup  Support  Functions 

3. 8. 3. I  Backup  Processing  Response  Times 

3.8.3. J  Military  Facilities 

3.8.4  Security 

3. 8. 4.  A  Physical  Security 

3.8.4. B  Administrative  Security 

3.8.4. C  Technical  Security 

1.4  Methodology 

The  methodology  employed  to  develop  this  operational  concept  is  similar  to  the 
methods  and  tools  used  for  system  development  in  that  successive  levels  of 
decomposition  of  the  system  effectiveness  functions  are  represented.  This 
document  starts  with  the  overall  concept  and  proceeds  to  its  most  elemental 
levels  of  support,  diagrammatic  tools,  and  techniques  that  constitute  system 
effectiveness  within  the  NAS.  These  analytical  tools  are: 

1.  Operational  Block  Diagram/Description.  The  operational  block 
diagram  illustrates  the  connectivity  between  major  elements  of  the 
NAS,  i.e.,  processors,  specialists/controllers,  and  the  user  for 
those  elements  that  support  the  service.  The  operational  block 
diagram  in  this  operational  concept  is  extracted  from  the  overall 
NAS  operational  block  diagram.  Principal  features  of  the 
operational  block  diagram/description  include  the  following: 

a.  Each  specialist/controller  is  indicated  by  a  number.  This 
number  remains  the  same  in  every  NASSRS  operational  concept. 

b.  Dotted  lines  segregate  facilities. 

c.  Solid  lines  show  digital  data  flow,  and  voice  data  flow  is  also 
shown.  Each  type  of  data  flow  is  appropriately  labeled. 

d.  The  blocks  within  each  facility  are  the  major  processors. 

2.  Operational  Flow  Diagrams.  An  operational  flow  diagram  and 
associated  description  for  each  specialist  provides  detail  about  the 
inputs,  processes,  outputs,  and  interfaces  for  each  operator;  thus, 
the  operational  flow  diagram  provides  an  expansion  of  each  element 
of  the  NAS  shown  in  the  system  effectiveness  master  block  diagram. 
Operational  flow  diagrams  are  used  to  functionally  describe  the 
products  and  services  of  individual  specialists. 

a.  Dotted  lines  segregate  facilities. 

b.  Larger  white  boxes  at  the  center  of  each  diagram  indicate 
specialist/controller/user  functions.  Shaded  boxes  indicate 
supporting  systems. 
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c.  The  functions  listed  by  lower  case  alphabetic  characters  in  the 
white  and  shaded  boxes  are  explained  in  the  text. 

3.  Operational  Sequence  Piaarams/DescriPtions.  The  operational 
sequence  diagram  and  associated  description  show  a  typical  sequence 
of  steps  taken  by  operators/users  in  supporting  system  effectiveness 
operations.  Principal  features  of  an  operational  sequence  diagram 
include  the  following: 

a.  Users,  specialists,  and  computer  systems  involved  with  providing 
system  effectiveness  functions  are  listed  along  the  vertical 
axis.  When  required  for  clarity,  other  FAA  facilities  may  also 
be  listed  on  the  vertical  axis. 

b.  The  horizontal  axis  represents  time.  Sequential  events  or 
functions  performed  are  indicated  within  separate  boxes.  Events 
which  may  occur  simultaneously  or  near-simultaneously  are  shown 
vertically. 

c.  Decision  points  or  points  where  alternate  paths  may  be  followed 
are  indicated  by  a  diamond  shape. 

d.  Circles  are  connectors  and  indicate  exit  to,  or  entry  from, 
another  diagram.  Circles  with  a  lower  case  alphabetic  character 
reference  an  operator  function  described  in  the  figure  listed 
below  the  circle.  Circles  connect  either  to  another  sheet  of  1 
the  same  diagram  or  to  another  diagram;  the  relevant  figure 
number  is  listed  underneath  if  connection  is  to  a  different 
diagram.  Thus,  the  relationship  between  operator/user 
interactions  and  relevant  NAS  subsystems  can  be  depicted. 

4.  Operational  Scenario  Diagrams /Descriptions  The  operational  scenario 
diagram  and  associated  descriptions  depict  a  specific  predefined 
situation  and  illustrates  a  particular  subset  of  the  generalized 
operational  sequence  or  unusual  situation  not  covered  by  the 
operational  sequence  diagrams.  Principal  features  of  operational 
scenario  diagrams  include  the  following: 

a.  Users  and  specialists/controllers  involved  with  providing  the 
Bervice  are  listed  along  the  vertical  axis. 

b.  The  horizontal  axis  represents  time.  Sequential  events  or 
functions  performed  by  an  operator/user  are  indicated  within 
separate  boxes.  The  numbers  on  the  right  side  of  the  blocks 
refer  to  numbers  in  the  text. 

1.5  Document  Organization 

The  remainder  of  this  document  is  organized  as  Section  2,  System  Effectiveness 

Operations  is  divided  into  six  subsections: 

Section  2.1  Support  provides  an  overview  description  of  the  system 
effectiveness  functions  and  introduces  (identifies)  the  personnel 
complement  and  physical  entities  (facilities  and  computer  systems), 
which  provide  the  required  support. 

Section  2.2  Information  describes  the  information  used  to  provide 
system  effectiveness  support. 
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Section  2.3  Functions  provides  descriptions  of  the  functions  performed 
by  specific  types  of  NAS  personnel  in  conjunction  with  system 
effectiveness  services. 

Section  2.4  Correlation  of  Operational  Requirements  correlates  the 
system  effectiveness  requirements  paragraphs  of  NAS-SR-1000  with  the 
paragraphs  that  describe  the  functions  being  performed  by  the 
specialists/controllers. 

Section  2.5  Operational  Sequences  illustrates  the  interactions  between 
NAS  personnel  and  systems  during  the  planning  and  implementation  phases 
of  system  effectiveness. 

Section  2.6  Operational  Scenarios  describes  operational  scenarios  for 
hypothetical  interactions  between  users  and  operators/ specialists  for 
specific  cases. 
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2.0  OPERATIONS 


2.1  support 

NAS  equipment,  systems,  installations,  and  facilities  whose  functioning  is 
required  by  the  service  described  in  this  document  must  be  designed  to  ensure 
performance  of  these  functions  under  any  foreseeable  operating  conditions. 

The  NAS  shall  meet  the  user/specialist-related  measures  of  effectiveness 
described  in  the  following  sections.  Compliance  with  these  requirements  shall 
be  proven  by  analysis  and,  where  necessary,  by  appropriate  simulation  or  test. 

Additionally,  the  NAS  shall  prevent  disclosure  to  unauthorized  persons  or 
processes  information  that  is  either  classified  in  the  interest  of  national 
security  or  sensitive  because  of  its  operational  or  administrative  nature. 
Access  to  information,  facilities,  and  equipment  shall  be  controlled.  The  NAS 
is  concerned  with  three  types  of  security:  physical,  administrative,  and 
technical . 

The  following  paragraphs  describe,  in  detail,  paragraph  3.8  of  the  NASSRS. 

2.1.1  Operational  Readiness 

NAS  equipment,  systems,  installations  and  facilities  shall  be  kept  in  an 
operable  and  committable  state  according  to  their  criticality  to  safe 
operation  and  control  of  aircraft.  NAS  services  to  the  user/specialist  are 
categorized  according  to  the  severity  of  impact  of  loss  of  that  service  on 
safe  separation  and  control  of  aircraft.  These  NAS  services  as  required  by 
this  document  are  categorized  in  Table  1-1  located  in  Appendix  I.  These 
categories  are: 

Critical  -  Functions  or  services  which,  if  lost,  would  prevent  the  NAS 
from  exercising  safe  separation  and  control  over  aircraft.  Examples  are 
air-ground  communications  and  radar  data  used  for  separation  of  IFR 
traffic. 

Essential  -  Functions  or  services  which,  if  lost,  would  reduce  the 
capability  of  the  NAS  to  exercise  safe  separation  and  control  over 
aircraft.  Examples  are  real-time  weather  information  and  remote  airport 
lighting  system  control. 

Routine  -  Functions  or  services  which,  if  lost,  would  not  significantly 
degrade  the  capability  of  the  NAS  to  exercise  safe  separation  and 
control  over  aircraft.  Examples  are  training  and  administration. 

Certain  parts  of  NAS  information  may  be  considered  critical,  essential,  and 
routine.  For  example,  information  about  aircraft  separation  information 
(para.  3.2.3  of  the  NASSRS)  such  as  acquiring  actual  flight  information  (para. 

3. 2. 3.  A)  is  considered  critical.  Information  on  acquiring  flight  plans  (para. 

3.2.3. B)  is  essential,  and  weather  information  for  flight  path  prediction 
(para.  3.2.3.D)  is  only  considered  routine. 

Please  refer  to  Table  1-1,  in  Appendix  I  for  the  complete  list  of  functional 
categories. 

The  availability  goal  in  the  end-state  NAS  for  a  function  or  service  to  the 
user/specialist  is  expressed  as  the  ratio  of  the  total  time  the  service  is 
provided  to  the  user/specialist  to  the  maximum  available  operating  time. 
Service  availability  is  not  less  than  that  provided  by  existing  capabilities. 
These  time  ratios  are  as  follows: 
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Critical  services  -  .99999 
Essential  services  -  .999 
Routine  services  -  .99 

No  single  failure  of  equipment,  system,  installation  or  facility  shall  cause 
loss  of  service  to  the  user/specialist.  The  goal  for  a  single  loss  of  service 
to  a  user/specialist  shall  not  exceed  the  duration  shown  below: 

Critical  services  -  6  seconds 

Essential  services  -  10  minutes 

Routine  services  -  1.68  hours 

The  frequency  of  occurrence  goal  for  any  loss  of  service  shall  not  exceed  one 
per  week. 

2.1.2  Response  Times 

Certain  response  times  have  been  specified  for  the  NAS  to  produce  or  process 
specific  information.  The  numbers  provided  in  Table  II-l,  in  Appendix  II,  are 
identified  as  a  mean,  99th  percentile,  or  maximum  value. 

For  example,  due  to  its  critical  nature,  flight  information  (data)  concerning 
traffic  advisories  has  a  mean  response  time  of  0.6  seconds,  a  99th  percentile 
response  time  of  1.2  seconds,  and  a  maximum  response  time  of  3.0  seconds. 
Flight  plan  submission  and  evaluation,  due  to  a  less  critical  nature,  has 
longer  response  times.  For  this  type  of  information  the  mean  is  4.0  seconds, 
a  99th  percentile  response  of  6.0  seconds,  and  a  maximum  response  time  of  12.0 
seconds . 

2.1.3  Immediate  ACF  Backup 

The  NAS  is  required  to  provide  a  capability  to  take  over  the  control  area  of 
an  Area  Control  Facility  (ACF)  in  the  event  of  a  catastrophic  failure  of  an 
individual  ACF.  A  catastrophic  failure  is  considered  to  be  the  inability  of 
an  ACF  to  perform  its  operational  responsibilities,  regardless  of  cause,  as 
determined  by  operational  authorities. 

ACF 

An  ACF  will  normally  operate  with  its  Area  Control  Computer  Complex  (ACCC) 
processing  in  the  full  service  mode,  maintaining  interfacility  communications 
between  the  ACCC,  external  ACCCs  and  Tower  Control  Computer  Complexes  (TCCCs). 
In  the  event  of  a  catastrophic  failure  of  an  ACF,  the  normal  existing  work 
force  of  controllers  at  adjacent  facilities  will  assume  portions  of  the  failed 
airspace  and,  using  available  equipment,  will  provide  required  services  to 
stabilize  the  affected  airspace.  This  backup  concept  requires  that  the  system 
be  prepared  to  transfer  control  of  those  NAS  resources  responsible  for  the 
control  of  aircraft  to  the  supporting  facilities. 

Additionally,  any  operational  site  will  be  able  to  perform  emergency  software 
maintenance  if  communication  is  lost  with  the  FAA  Technical  Center  (FAATC) . 

The  ACCC  shall  have  the  capability  to  modify  object  code  and  implement  data 
bases  necessary  for  support  or  system  recovery  at  the  ACCC  and  associated 
TCCCs  when  directed. 
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In  the  event  of  an  ACF  failure  the  NAS  provides  the  capability  to  reconfigure 
air-to-ground  voice  communications  to  achieve  communications  with  aircraft  in 
adjacent  airspace  assigned  to  positions  within  the  backup  facility.  The  NAS 
also  provides  the  capability  to  reconfigure  ground-to-ground  voice 
communications  to  achieve  communications  between  control  positions  within  the 
backup  facility  and  control  positions  in  other  facilities. 

Surveillance  data  is  also  provided  to  backup  facilities  for  their  respective 
backup  areas.  The  NAS  also  supplies  each  backup  ACF  with  the  requisite  flight 
data  for  assigned  backup  responsibilities.  This  flight  data  is  sufficient  to 
allow  flight  plan  association  and  creation  of  flight  data  displays  upon 
activation  of  the  backup  procedure. 

The  NAS  provides  the  capability  for  facilities  to  exchange  status  condition 
information  for  backup  purposes.  This  capability  provides  for  an  ACF  to 
continuously  notify  each  of  its  backup  facilities  and  the  Air  Traffic  Control 
Command  Center  (ATCCC)  of  its  status.  The  affected  ACF  will  notify  its  backup 
facilities,  associated  terminals  and  ATCCC  when  it  is  unable  to  maintain 
normal  operation.  These  facilities,  in  turn,  will  notify  other  associated 
facilities  of  this  alert  and  implement  the  backup  capability. 

The  Traffic  Management  System  will  participate  in  the  backup  effort  by 
limiting  aircraft  flow  into  and  rerouting  aircraft  around  the  failed 
facility's  airspace. 

The  NAS  provides  the  capability  for  the  rapid  reassignment  of  operational  and 
backup  sectors  to  any  operating  or  training  position  in  the  facility. 

ATCT 

Airport  traffic  control  towers  (ATCTs)  have  the  capability  to  operate  their 
TCCC  independently  of  their  parent  ACF  in  the  event  of  an  ACF  failure.  Those 
ATCTs  which  receive  surveillance  data  are  capable  of  expanding  their  display 
range  (within  the  limits  of  available  processing  capacity)  beyond  that  used  in 
normal  operation. 

The  NAS  provides  the  capability  to  perform  the  required  backup  support 
functions  while  meeting  response  time  requirements .  These  response  times 
include: 

Failure  detection,  verification  and  system  notification  within  ten 
seconds  following  an  ACF  failure 

Automatic  track  initiation  and  flight  plan  association  in  the  backup 
airspace  within  60  seconds  of  an  ACF  failure 

Implementation  of  the  backup  operation  within  two  minutes  of  an  ACF 
failure. 

The  NAS  provides  processing  and  communications  capacities  to  support  the 
required  backup  capabilities  and  to  meet  the  response  time  requirements 
specified  above,  while  maintaining  safe  separation  of  all  aircraft  receiving 
ATC  services  (i.e.,  both  normal  and  backup  sectors)  from  the  backup 
facilities.  Additionally,  maintenance  personnel  in  the  ATCTs  are  capable  of 
modifying  the  TCCC  object  code,  and  building  and  implementing  data  bases  in 
the  stand-alone  mode. 
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Military  Facilitiea 


The  NAS  provides  appropriate  voice  and  data  communications  connectivity 
between  designated  military  facilities  and  designated  backup  ACFs.  In  the 
event  of  an  ACF  failure  the  backup  ACF  communicates  with  military  facilities 
through  voice  channels  and  passes  flight  plan  or  aeronautical  information 
through  data  channels. 

2.1.4  Security 

The  NAS  provides  three  types  of  security  to  prevent  unauthorized  access  to 
information,  equipment,  and  facilities.  The  first,  physical  security, 
prevents  unauthorized  access  or  damage  to  equipment  and  facilities.  Physical 
access  to  equipment  and  facilities  is  controlled  by  appropriate  means,  such  as 
fencing,  guards,  and  locked  doors.  An  immediate  alarm  is  made  to  appropriate 
personnel  when  an  attempt  to  violate  physical  security  is  detected. 
Electromagnetic  protection  measures  are  provided  at  facilities  where  necessary 
to  provide  adequate  security  and  protection  of  NAS  systems.  Appropriate 
containers  are  provided  for  the  storage  of  classified  or  sensitive 
information. 

The  second,  administrative  security,  is  provided  in  the  form  of  rules  and 
procedures  for  access  to  facilities  and  information.  The  NAS  develops 
criteria  for  determination  of  individuals  and  classes  of  personnel  who  require 
access  or  clearances  on  a  need-to-know  basis.  Controls  for  keys,  access  codes 
and  passwords  for  facilities  and  information  are  also  provided. 

The  third,  technical  security,  is  provided  in  order  to  enforce  the  established 
rules  and  procedures.  Logical  controls  are  built  into  information  systems  to 
prevent  unauthorized  persons  from  gaining  access.  Where  necessary, 
cryptography  is  used  to  deny  effective  use  of  information  even  if  access  is 
gained. 

2.1.5  Positions /Systems /Functions 

Figure  2-1  is  an  overview  of  NAS/user  interfaces  for  Bystem  effectiveness  and 
illustrates  the  NAS  facilities  and  systems  involved.  Figure  2-2  is  an 
operational  block  diagram  showing  the  inter-relationships  between  equipment, 
facilities,  operators/users  and  the  information  necessary  to  support  system 
effectiveness  within  the  NAS. 

Position  35:  ACF  NAS  Operations  Manager /System  Engineer 

Function:  The  NAS  Operations  Manager/System  Engineer  monitors  ACF  area 

equipment  and  subsystem  activities  and  initiates  the  ACF  backup  actions  when 

required. 

Description:  The  NAS  Operations  Manager/System  Engineer  initiates  the  backup 
ACF  procedures  once  notified  by  facility  management  personnel. 

Procedures:  FAA  Order  7210. 3J  Facility  Operation  and  Administration 

Projects:  Capital  Investment  Plan,  Chapter  2,  Section  1:  Project 

21-12  Advanced  Automation  System  (AAS);  Section  6: 
Project  26-04  Maintenance  Control  Center  (MCC) 

Position  36:  ATCT  Data  System  Specialist 
Function:  Data  System  Specialist. 

Description:  In  addition  to  normal  duties  these  specialists  in  an  ATCT 

convert  the  TCCC  to  the  stand  alone  mode  in  the  event  of  an  ACF  failure. 
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FIGURE  2-2 

SYSTEM  EFFECTIVENESS  OPERATIONAL 
BLOCK  DIAGRAM 


Procedures:  FAA  Order  7210. 3J  Facility  Operation  and  Administration 

Projects:  Capital  Investment  Plan,  Chapter  4,  Section  2:  Project 

42-20  Airport  Traffic  Control  Tower  System  Connectivity 

Position  24:  MCC  Specialists /NAS  Area  Specialist 

Function:  In  addition  to  regularly  assigned  duties,  MCC  Specialists  in  an  ACF 

MCC  (called  NAS  Area  Specialist)  or  in  a  GNAS  MCC  (GMCC)  remotely  monitor 
system  and  equipment  status.  Should  failures  occur,  these  specialists 
initiate  corrective  actions  through  RMMS  and  notify  the  work  force. 
Description:  Specialists  in  an  MCC  that  report  the  status  of  a  failed  ACF  and 
support ing  equ ipment /systems . 

Procedures:  FAA,  Maintenance  Handbook  for  Airway  Facilities 

(6000. 15A) 

Projects:  Capital  Investment  Plan,  Chapter  2,  Section  6  - 

Maintenance  and  Operations:  Project  26-01  Remote 
Maintenance  Monitoring  System  (RMMS);  26-04  Maintenance 
Control  Center  (MCC) 

Position  13:  Traffic  Management  Specialists 

Function:  Specialists  working  in  the  Central  Flow  Control  Facility  coordinate 
the  flow  of  air  traffic  with  Traffic  Management  Specialists  within  ACFs  and 
major  ATCTs. 

Description:  Traffic  Management  Specialists  provide  national  level  management 
and  monitoring  of  current  air  traffic  flow,  aircraft  operations,  en  route 
sector  and  airport  utilization. 

Procedures:  FAA  Order  7210. 47A  Traffic  Management  System 

Projects:  Capital  Investment  Plan,  Chapter  2,  Section  1:  Project 

21-06,  Traffic  Management  System  ( TMS ) ;  Section  5, 
Project  25-007  National  Airspace  Data  Interchange 
Network  (NADIN)  II;  Section  6:  Project  26-14:  National 
Radio  Communications  System  (NARACS). 

2 . 2  Information 


In  the  event  of  an  ACF  failure,  flight  plan,  surveillance  data,  and  status 
information  must  be  passed  between  the  adjacent  backup  ACFs  through  their 
ACCCs .  This  information  enables  controllers  to  provide  continuous  ATC 
services  to  aircraft  within  the  failed  ACFs'  airspace. 

2.2.1  Backup  ACF  to  Adjacent  ACF 

Facility  backup  is  the  national  ATC  system's  defense  against  catastrophic 
failure  of  an  ACCC/ACF.  In  facility  backup,  responsibility  for  the  aircraft 
under  control  of  a  failed  facility  is  assumed  by  other  ACCC/ACFs.  The  ACCCs 
will  support  facility  backup  by  routine  exchange  of  critical  flight  data. 

Upon  the  catastrophic  failure  of  any  one  ACCC,  other  adjacent  ACCCs  are 
capable  of  taking  up  the  tasks  of  the  failed  ACCC  including  support  of  the 
TCCCs  served  by  the  failed  ACCC.  The  facility  backup  processing  includes  the 
following  functions: 

Critical  flight  data  processing 
Surveillance  data  processing 
Facility  backup  transition  processing 
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After  the  transition  to  facility  backup  is  in  effect,  voice  and  data 
communications  are  processed  the  way  they  are  normally  processed,  through  the 
National  Airspace  System  Interfacility  Communications  System  (NICS).  The  NICS 
combines  or  integrates  communications  functions  into  one  network  which 
provides  voice  and  data  communications  interconnectivity  between  facilities 
and  sites  within  the  NAS. 

2.2.2  Backup  ACF  to  Adjacent  ATCT 

When  a  parent  ACF  fails,  and  communications  with  the  parent  ACCC  become 
unavailable,  the  TCCC  transitions  to  a  stand-alone  mode  of  operation.  In  this 
mode,  the  TCCC  performs  limited  surveillance  processing  functions  (if 
available)  locally  and  continues  to  provide  those  flight  data  processing  and 
display  functions  that  do  not  require  communications  with  the  ACCC. 

In  the  stand-alone  mode  the  TCCC  interacts  with  airport  systems  and  provides 
the  following: 

Surveillance  data  processing 

Flight  data  processing 

Airport  environmental  data  processing 

When  the  TCCC's  parent  ACCC  is  no  longer  capable  of  supporting  it  and  the  TCCC 
receives  notification  from  the  alternate  ACCC  that  it  has  transitioned  into 
backup,  the  TCCC  shall  treat  the  alternate  ACCC  as  its  parent  and  initiate  ATC 
data  exchange  with  the  new  parent.  The  TCCC  has  the  capability  to  transition 
back  to  normal  mode  when  communication  with  a  parent  ACCC  becomes  available. 

2.2.3  Backup  ACF  to  Adjacent  Military  Facilities 

The  ACCC  exchanges  flight  data  with  military  base  operations  (MBO) .  The  ACCC 
receives  flight  plan  amendments,  cancellation  messages  from  MBO  and  provides 
MBO  with  general  information  messages.  In  the  event  of  an  ACF  failure,  the 
NAS  provides  appropriate  voice  and  data  communications  connectivity  between 
designated  military  facilities  and  designated  backup  ACFs. 

2 . 3  Functions 


The  following  paragraphs  describe  in  more  detail  the  functions  provided  by  the 
specialist  positions  introduced  in  Section  2.1.  The  operational  flow  diagrams 
associated  with  each  paragraph  illustrate  the  information  flow  between  the 
specialists  within  their  respective  facility  and  the  user,  and  between  the 
specialists  and  data  processing  equipment.  The  functions  performed  by  the  NAS 
are  explicitly  covered  by  requirements  specified  in  the  NASSRS.  The  pertinent 
NASSRS  paragraphs  that  specify  the  function  being  performed  by  the  NAS  are 
referenced  in  each  of  the  paragraphs  that  follow. 

2.3.1  ACF  NAS  Operations  Manager /System  Engineer  (Position  35) 

The  NAS  Operations  Manager /Systems  Engineer  monitors  the  subsystems  within  the 
ACF.  In  the  event  of  an  ACF  failure  the  NAS  Operations  Manager  will  implement 
the  ACF  backup  plan. 

Figure  2-3  is  an  operational  flow  diagram  describing  the  interfaces  provided 
to  the  specialists  at  the  ACF.  Functions  performed  by  the  equipment  and  these 
specialists  are  lettered  within  each  block  and  are  described  in  the 
corresponding  paragraphs  below. 
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a.  ACCC  Processing.  The  ACCC  communicates  and  coordinates  its 
operational  status  with  other  ACCCs  and  the  Traffic  Management 
Processor  (TMP).  The  ACCC  provides  the  capability  for  implementation 
of  the  backup  operation  within  two  minutes  of  an  ACF  failurS.  The 
ACCC  provides  the  capability  to  reconfigure  air-ground,  ground- 
ground  communications  and  surveillance  data  in  the  event  of  an 
adjacent  ACF  failure.  Automatic  track  initiation  and  flight  plan 
association  is  available  within  60  seconds  of  an  ACF  failure.  The 
ACCC  also  provides  the  capability  to  obtain  or  provide  requisite 
flight  data  for  assigned  backup  positions.  ACF  personnel  can 
reconfigure  a  backup  ACF  to  provide  for  additional  positions  to 
handle  the  increased  airspace. 

NASSRS  Requirement  3. 8. 3. A  -  J 

b.  Voice  Switching  and  Control  System  (VSCS).  The  VSCS  provides  the 
primary  air-ground  communications  capability  for  controllers  in  the 
backup  ACF  to  communicate  with  aircraft  in  the  failed  ACF's 
airspace.  VSCS  operates  in  conjunction  with  the  radio  control 
equipment  (RCE)  and  the  VHF/UHP  communications  outlet  to  provide 
two-way  communications  capability.  VSCS  receives  area/sector  and 
facility  reconfiguration  control  from  the  ACCC  to  facilitate  these 
functions.  VSCS  provides  the  primary  ground-ground  interphone 
function  as  a  voice  switch  which  provides  voice  connectivity  between 
air  traffic  operational  positions  within  the  ACF  and  specialists  in 
adjacent  ACFs,  as  well  as  other  NAS  and  military  facilities. 

NASSRS  Requirement  3. 8. 3. A,  B 

c.  Implements  ACF  Backup  Plan.  The  NAS  Operations  Manager/Systems 
Engineer  implements  the  ACF  backup  plan  in  the  event  of  an  ACF 
failure. 

NASSRS  Requirement  3. 8. 3. A  -  I 
2.3.2  ATCT  Data  Systems  Specialist  {Position  36) 

ATCT  Data  Systems  Specialists  initiates  stand-alone  mode  utilizing  the 
processing  capabilities  of  the  TCCC.  Figure  2-4  is  an  operational  flow 
diagram  describing  the  interfaces  provided  to  the  specialists  at  the  ATCT. 
Functions  performed  by  the  equipment  and  these  specialists  are  lettered  within 
each  block  and  are  described  in  the  corresponding  paragraphs  below. 

a.  TCCC  Processing.  The  TCCC  provides  stand-alone  mode  of  operation  to 
the  ATCT  when  communications  with  the  parent  ACCC  become 
unavailable.  In  this  mode  the  TCCC  performs  limited  surveillance 
processing  functions  locally  and  continues  to  provide  those  flight 
data  processing  and  display  functions  that  do  not  require 
communications  with  the  ACCC.  When  the  TCCC  receives  notification 
from  the  alternate  ACCC  that  it  has  transitioned  into  backup,  the 
TCCC  treats  the  alternate  ACCC  as  its  parent  and  initiates  ATC  data 
exchange  with  the  new  parent.  The  TCCC  has  the  capability  to 
transition  back  to  normal  mode  when  communication  with  a  parent  ACCC 
becomes  available. 

NASSRS  Requirement  3.8.3.G 
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FIGURE  2-4 

ATCT  DATA  SYSTEMS  SPECIALIST  (POSITION  36) 
OPERATIONAL  FLOW  DIAGRAM 


b.  Implements  TCCC  Stand  Alone  Mode.  The  ATCT  Data  Systems  Specialist 
initiates  the  stand-alone  mode  for  the  TCCC  when  alerted  that  the 
host  ACF  has  failed. 

NASSRS  Requirement  3.8.3.G 

2.3.3  ACF  Maintenance  Control  Center  (AMCC)  Specialists /NAS  Area  Specialists 

LEg.gkUgn.lA  1 

ACF  MCC  NAS  Area  Specialists,  located  in  each  ACF,  monitor,  control,  and 
maintain  specific  NAS  subsystems  from  centralized  locations  through  the 
Maintenance  Monitoring  Console  (MMC) .  The  MMC  provides  access  to  maintenance 
data  terminals  (MDT)  and  Remote  Monitoring  Subsystems  (RMSs)  for  status  and 
maintenance  control  of  all  external  subsystems  and  surveillance  facilities 
which  interface  with  the  Maintenance  Processor  Subsystem  (MPS). 

Figure  2-5  is  an  operational  flow  diagram  describing  the  functions  and 
services  provided  by  the  MCC  Specialist.  Lettered  blocks  identify  the 
functions  performed  by  the  specialist  or  system,  which  are  described  in  the 
corresponding  paragraph  below. 

a.  Maintenance  Processor  Subsystem  (MPS l  Processing.  The  MPS  provides 
the  MCC  specialist  with  access  status  data  on  those  systems  the  MCC 
is  required  to  monitor.  The  MPS  accepts  maintenance  status  and 
maintenance  data  from  the  ACCCs.  The  MPS  sends  maintenance  control, 
maintenance  management  data,  and  NAS  subsystem  status  data  to  the 
ACCCs . 

NASSRS  Requirement  3.8.3.E 

b.  Maintenance  Control  Center  Processor  -  Maintenance  Monitor  Console 
( MCCP— MMC l .  The  MCC  consoles  within  the  AMCC  provide  the  MCC 
specialist  with  the  capability  to  monitor  and  control  NAS 
subsystems.  The  MCCP-MMC  provides  input /output  and  display 
capabilities,  data  processing  capabilities  for  situation  appraisals, 
and  failure  effects  analysis  needed  for  service  restoration.  The 
MCCP-MMC  interfaces  with  the  MPS  and  provides  the  interface  to  the 
MCC  specialist  for  analysis  of  problems  within  the  NAS 
subsystems /equipment.  The  MCCP-MMC  interfaces  with  external 
Maintenance  Data  Terminals  (MDT)  and  Remote  Monitoring  Subsystems 
(RMSs)  through  the  MPS. 

NASSRS  Requirement  3.8. 3. E 

c.  Remote  Monitor  and  Control.  MCC  Specialist  remotely  monitor  and 
control  NAS  equipment  from  the  AMCC  using  their  workstation.  The 
MCC  Specialist  will  perform  system  restoration  when  necessary. 

NASSRS  Requirement  3.8.3.E 

d.  Notification/Coordination.  MCC  specialists  notify  and  coordinate 
with  other  MCC  specialists  changes  in  status  of  NAS  systems, 
including  system  failures. 

NASSRS  Requirement  3.8. 3. E 
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2.3.4  GNAS  Maintenance  Control  Center  (GMCCM  Specialists  /Position  24) 


GNAS  MCC  Specialists,  located  in  Airway  Facilities  GNAS  Sectors,  monitor 
status  information  and  detailed  performance  data  from  NAS  subsystems/ 
equipment . 

Figure  2-6  is  an  operational  flow  diagram  describing  the  functions  and 
services  provided  by  the  MCC  Specialist.  Lettered  blocks  identify  the 
functions  performed  by  the  specialist  or  system,  which  are  described  in  the 
corresponding  paragraph  below. 

a.  Maintenance  Processor  Subsystem  (MPS)  Processing .  The  MPS  provides 
the  MCC  Specialist  status  data  on  those  systems  the  MCC  is  required 
to  monitor.  The  MPS  accepts  maintenance  status  and  maintenance  data 
from  the  ACCCs.  The  MPS  sends  maintenance  control,  maintenance 
management  data,  and  NAS  subsystem  status  data  to  the  ACCCs. 

NASSRS  Requirement  3.8.3.E 

b.  GMCC  Workstation.  The  GMCC  workstation  provides  the  MCC  NAS  Area 
Specialist  with  the  capability  to  monitor  and  control  NAS  subsystems 
and  facilities  which  interface  with  the  MPS. 

NASSRS  Requirement  3.8.3.E 

c.  Remote  Monitor  and  Control.  MCC  Specialists  remotely  monitor  and 
control  NAS  equipment  from  the  GMCC  using  their  workstation.  The 
MCC  Specialist  will  perform  system  restoration  when  necessary. 

NASSRS  Requirement  3.8.3.E 

d.  Notification /Coordination.  MCC  Specialists  notify  and  coordinate 
with  other  MCC  specialists  changes  in  status  of  NAS  systems, 
including  system  failures. 

NASSRS  Requirement  3.8.3.E 

2.3.5  Traffic  Management  Specialists  (Position  13 ) 

Traffic  Management  Specialists  are  responsible  for  coordination  and  approval 
of  all  major  intercenter  flow  control  restrictions  on  a  system  basis  in  order 
to  maintain  maximum  utilization  of  the  airspace.  Figure  2-7  is  an  operational 
flow  diagram  describing  the  functions  and  services  provided  by  the  Traffic 
Management  Specialist.  Lettered  blocks  identify  the  functions  performed  by 
the  specialist  or  system,  which  are  described  in  the  corresponding  paragraph 
below. 

a.  Traffic  Management  Processor.  The  TMP  provides  an  automation 
capability  to  directly  assist,  support,  and  provide  data  base 
information  for  flow  management,  planning  reservation,  and 
contingency  response  to  optimize  the  flow  of  traffic  and  minimize 
flight  delays.  The  TMP  exchanges  flight  data,  traffic  capacity 
reports,  traffic  situation  reports,  and  traffic  flow  data  with  the 
ACCC. 

NASSRS  Requirement  3 . 8 . 3 . E 
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b.  Traffic  Management  Voice  System.  The  TMVS  is  used  by  Traffic 
Management  Specialists  to  coordinate  the  rerouting  of  air  traffic 
around  a  failed  ACFs  airspace. 

NASSRS  Requirement  3.8.3.B 

c.  Coordinate  with  Adjacent  ACFs.  Traffic  Management  Specialists 
coordinate  traffic  flow  with  other  Traffic  Management  Specialists  in 
ACFs  adjacent  to  the  failed  ACF. 

NASSRS  Requirement  3.8.3.B 


2.4  Correlation  of  Operational  Requirements 

Table  2-1  summarizes  the  correlation  of  the  requirements  paragraph  of  NAS-SR- 
1000  with  the  paragraphs  describing  system  effectiveness.  All  system 
effectiveness  paragraph  numbers  of  NAS-SR-1000  are  listed;  paragraphs  which 
are  introductory  in  nature,  do  not  state  an  explicit  operational  requirement, 
or  which  reference  other  portions  of  NAS-SR-1000  are  indicated  with  a  dash. 

The  fact  that  a  correlation  is  shown  between  a  requirements  paragraph  and  a 
paragraph  describing  the  specialist/controller  functions  should  not  be 
construed  as  indicating  that  the  requirement  is  completely  fulfilled. 

2 . 5  Operational  Sequence 

An  operational  sequence  diagram  has  been  developed  to  illustrate  the 
interaction  between  specialists/controllers  and  NAS  systems  utilized  in 
support  of  system  effectiveness.  Support  systems  are  mentioned  but  their 
roles  are  not  described  in  detail.  This  diagram  is  general  in  nature  as  it  is 
intended  to  provide  an  overall  depiction  of,  in  this  case,  the  ACF  backup 
process.  Operational  sequences  are  based  on  the  end-state  NAS  as  described  in 
baselined  documents  (e.g..  Level  I  Design).  Numbers  associated  with  each 
"box"  on  the  operational  sequence  figure  are  quoted  in  the  next  section  to 
help  the  reader  trace  this  process.  A  specific  situation  was  developed  as  a 
scenario  in  Section  2.6 

2.5.1  Failed  ACF  Operational  Sequence 

Figure  2-8  describes  an  ACF  failure  and  the  functions  performed  by  the 
adjacent  facilities.  While  there  are  a  variety  of  reasons  for  an  ACF  failure 
this  sequence  is  meant  to  generally  describe  the  sequence  of  events  that  are 
envisioned  to  occur. 

In  this  sequence  ACF  "A"  is  operating  normally  (1).  ACF  "A"  validates  that  is 
it  1b  exchanging  flight  data  and  handoffs  (2)  with  ACF  "B"  (3),  ACF  "C"  (5) 
and  associated  TCCCs  at  control  towers  (6),  and  status  information  with  the 
MPS  within  ACF  "A"  (4).  Due  to  a  power  failure  ACF  "A"  fails  (7)  and  is  no 
longer  exchanging  status  and  control  data  with  adjacent  facilities  (8). 

Once  it  is  verified  by  designated  FAA  management  personnel  that  ACF  "A"  has 
had  a  catastrophic  failure,  ACF  "C"  personnel  will  implement  the  ACF  backup 
plan  (9)  to  establish  contact  with  adjacent  facilities  around  the  failed  ACF. 
At  this  time  designated  personnel  in  the  ATCTs  switch  their  TCCCs  into  stand 
alone  mode  to  continue  operations  (10).  ACF  "C"  successfully  establishes  data 
communication  contact  with  ACF  "B"  (11)  to  establish  control  over  the  affected 
airspace.  ACF  "C"  will  later  establish  contact  with  other  affected  TCCCs  (12) 
to  provide  required  data. 


2-17 


Table  2-1 

SYSTEM  EFFECTIVENESS 
OPERATIONAL  REQUIREMENTS  CORRELATION 
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ACF  "C"  (13)  continues  to  exchanges  data  with  ACF  "B"  (14)  and  the  associated 
TCCCs  (15)  until  the  power  at  ACF  "A"  is  restored  (16),  which  is  verified  by 
designated  personnel.  ACF  "A"  re-establishes  contact  (17)  with  the  ACCC  at 
ACF  "B"  (18),  its  own  MPS  (19),  the  ACCC  at  ACF  "C"  (20),  and  associated  TCCCs 

(21) .  The  ACCC  within  ACF  "A"  exchanges  flight  data  and  handoff  information 

(22)  with  the  ACCC  at  ACF  "B"  (23),  the  ACCC  at  ACF  "C"  (25),  and  associated 
TCCCs  (26)  and  status  information  with  the  MPS  (24). 


2 . 6  Operational  Scenario 

The  operational  scenario  presented  in  this  section  depicts  a  specific 
hypothetical  situation  illustrating  an  ACF  failure  and  its  adjacent  ACF 
implementing  its  backup  process.  It  is  similar  to  the  sequence  diagram  in 
Figure  2-8  in  that  it  shows  functional  sequences  and  interactions  between 
specialists.  The  difference  is  that  the  operational  scenario  shows  more 
detail  and  only  shows  one  branch  where  a  decision  is  made.  Each  row  shows  the 
actions  on  one  of  the  action  rectangles  generally  represents  the  sequence  of 
their  occurrence. 

2.6.1  Failed  ACF  Operational  Scenario 

Figure  2-9  describes  the  events  that  occur  when  an  ACF  fails  and  its  backup 
facilities  take  over.  In  this  scenario  the  Washington  ACF  (ZDC)  is  operating 
normally  (1).  Its  ACCC  is  exchanging  handoff  and  flight  data  with  the  ACCC  at 
New  York  ( ZNY )  ACF  (2),  the  ACCC  at  Jacksonville  (ZJX)  ACF  (3),  and  the  TCCC 
at  Washington's  National  Airport  (DCA)  (4).  The  ZDC  ACCC  is  also  exchanging 
status  information  with  its  MPS  (5). 

A  catastrophic  failure  occurs  within  ZDC  (6)  and  its  ACCC  can  no  longer 
exchange  handoff  and  flight  data  (7)  with  its  adjacent  ACFs  (8),  (9),  with 
TCCCs  such  as  DCA  (10).  Once  notified  that  ZDC  has  failed,  designated 
personnel  within  the  ZNY  ACF  initiate  their  backup  plan  (11).  The  ZJX  ACF 
personnel  also  initiate  their  backup  plan  once  notified  (12).  DCA  tower 
personnel,  realizing  that  the  ZDC  ACF  has  failed,  initiate  the  TCCC  stand 
alone  capability  (13).  Personnel  from  ZNY  coordinate  and  establish  data 
communication  contact  (14)  with  ZJX  ACF  (15)  to  activate  additional  sectors 
within  their  facilities  to  take  control  over  aircraft  affected  within  ZDC  ACF 
airspace. 

Flight  data  and  handoffs  are  effected  between  ZNY  ACF  (16)  and  ZJX  ACF  (17). 
Once  the  ZNY  ACF  has  established  data  communication  with  ZJX  ACF,  contact  is 
established  (18)  with  DCA  TCCC  (19)  for  initiating  handoff  and  flight  data 
exchange  (20),  (21). 

The  problem  within  ZDC  is  resolved  and  ZDC  personnel  attempt  a  restart  of  its 
ACCC  (22).  The  restart  is  a  success  (23)  and  the  personnel  within  ZDC  re¬ 
establish  communication  contact  (24)  with  ZNY  ACCC  (25),  and  ZJX  ACCC  (26). 
Once  the  communication  channel  has  been  re-established  and  flight  data  and 
handoffs  are  being  exchanged  (27)  with  ZNY  ACCC  (28)  and  ZJX  ACCC  (29)  contact 
is  attempted  (30)  and  established  with  DCA  TCCC  (31). 
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APPENDIX  I 

NAS  SERVICE  FUNCTIONAL  CATEGORIES 


Table  1-1,  on  the  following  pages  lists  the  categories  of  NAS  service 
functions.  These  functions  are  categorized  as  critical,  essential,  or 
routine.  Critical  describes  functions  or  services  which,  if  lost,  would 
prevent  the  NAS  from  exercising  safe  separation  and  control  over  aircraft. 
Essential  functions  or  services  are  those  which,  that  if  lost,  would  reduce 
the  capability  of  the  NAS  to  exercise  safe  separation  and  control  over 
aircraft.  Routine  services  or  functions  are  those,  if  lost,  would  not 
significantly  degrade  the  capability  of  the  NAS  to  exercise  safe  separation 
and  control  over  aircraft. 
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*  NO  NAS  SERVICE  FUNCTIONAL  CATEGORY  ASSIGNED 
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APPENDIX  II 

NAS  RESPONSE  TIME  REQUIREMENTS 
(IN  SECONDS) 


Table  II-l,  on  the  following  pages,  describe  the  NAS  response  times  (in 
seconds)  that  are  required  to  meet  the  NAS  System  Requirements  Specification. 
These  times  are  identified  as  a  mean,  which  is  the  mid-point  between  the 
smallest  and  largest  values,  the  99th  percentile,  and  maximum  value,  or 
greatest  possible  number. 

For  example.  Strategic  Weather  Information  is  available  to  the  specialist 
within  a  3  seconds  (mean),  5  seconds  99  percent  of  the  time  (99  percentile), 
and  will  always  be  available  within  10  seconds  (maximum) . 
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Responses  to  Input  of  Surveillance  Information 
Updates  shall  be  within  2  Seconds. 
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GLOSSARY 


AREA  CONTROL  FACILITY  (ACF)  -  A  consolidated  facility  established  to  provide 
air  traffic  control  service  to  arrival,  departure,  and  en  route  aircraft. 

ACF  BACKUP  -  The  capability  to  provide  alternate  control  over  the  airspace  of 
an  ACF  that  has  experienced  a  catastrophic  failure. 

ADJACENT  FACILITY  -  A  facility  whose  assigned  airspace  borders  that  of  the 
facility  being  discussed.  This  applies  to  an  ACF  bordering  another  ACF  and  to 
an  ATCT  bordering  an  ACF. 

AIRCRAFT  -  Device/s  that  are  used  or  intended  to  be  used  for  flight  in  the 
air;  when  used  in  air  traffic  control  terminology  may  include  the  flight  crew. 

AIRPORT  TRAFFIC  CONTROL  TOWER  (ATCT)  -  A  terminal  facility  that  provides  ATC 
services  to  aircraft  operating  in  the  vicinity  of  an  airport  or  on  the  airport 
movement  area.  Authorizes  aircraft  to  land  or  takeoff  at  the  airport 
controlled  by  the  tower  or  to  transit  the  airport  traffic  area  regardless  of 
flight  plan  or  weather  conditions  (IFR  or  VFR) .  A  tower  may  also  provide 
approach/departure  control  services. 

AIR  TRAFFIC  CONTROL  COMMAND  CENTER  (ATCCC)  -  An  air  traffic  service  facility 
consisting  of  Central  Flow  Control  Facility  (CFCF),  Central  Altitude 
Reservation  Function  (CARF),  Airport  Reservation  Office  (ARO),  and  the  ATC 
Contingency  Communication  and  Post. 

ATCCC  SPECIALIST  -  Traffic  management  specialist  resident  at  the  Air  Traffic 
Control  Command  Center  (ATCCC)  who  coordinates  with  local  traffic  management 
specialists  at  ACFs  and  manages  flow  control  operations. 

AREA  CONTROL  FACILITY  (ACF)  -  A  facility  established  to  provide  air  traffic 
control  service  to  aircraft  during  the  en  route  and  terminal  phases  of  flight. 

CATASTROPHIC  FAILURE  -  The  inability  of  an  ACF  to  perform  its  operational 
responsibilities,  regardless  of  cause,  as  determined  by  operational 
authorities. 

CLASSIFIED  INFORMATION  -  Official  information,  including  foreign  classified 
information,  which  has  been  designated  as  requiring  protection  in  the  interest 
of  national  security. 

FLIGHT  PLAN  -  Specified  information  relating  to  the  intended  flight  of  an 
aircraft  that  is  filed  orally  or  in  writing  with  an  ATC  facility. 

FLOW  CONTROL  -  Measures  taken  to  adjust  the  flow  of  traffic  into  a  given 
airspace,  along  a  given  route,  or  bound  for  a  given  airport  so  as  to  ensure 
the  most  effective  utilization  of  the  airspace. 

IFR  AIRCRAFT/ IFR  FLIGHT  -  An  aircraft  conducting  flight  in  accordance  with 
instrument  flight  rules. 

INSTRUMENT  FLIGHT  RULES  (IFR)  -  Rules  governing  the  procedures  for  conducting 
instrument  flight.  Also  a  term  used  by  pilots  and  controllers  to  indicate 
type  of  flight  plan. 

MODE  S  SENSOR  -  The  Mode  S  Sensor  is  a  combined  beacon  interrogator  and 
ground-air-ground  data  link  system  that  is  part  of  the  surveillance 
facilities.  The  purpose  of  Mode  S  is  to  provide  beacon  surveillance  coverage 
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in  conjunction  with  search  radar  coverage  and  to  provide  automated  data 
communications  between  the  aircraft  and  various  ground  based  processors. 

NATIONAL  AIRSPACE  SYSTEM  (NAS)  -  The  NAS  as  used  herein  describes  the  FAA 
facilities,  hardware,  software,  and  the  personnel  who  operate  and  maintain 
that  equipment  to  provide  services  to  the  user. 

SECURE/SECURITY  - 

1.  Measures  taken  to  protect  the  NAS  from  all  acts  designed  to,  or  that 
may,  impair  its  effectiveness. 

2.  A  condition  that  results  from  the  establishment  and  maintenance  of 
measures  to  protect  designated  information,  personnel,  equipment,  and 
installations. 

3.  A  condition  that  prevents  unauthorized  disclosure  of  information 
that  is  safeguarded  as  NAS-sensitive  (designated 
operational/administrative)  or  is  classified  in  the  interests  of 
national  security. 

SPECIALIST  -  The  internal  individual  or  group  who  provide  service  through  the 
NAS  (e.g.,  controllers,  engineers,  maintenance  and  management  personnel). 

SYSTEM  EFFECTIVENESS  -  How  well  NAS  equipment,  systems,  installations,  and 
facilities  are  required  to  perform  intended  functions  under  any  foreseeable 
operating  conditions.  The  NAS  shall  meet  user/specialist-related  measures  of 
effectiveness  by  analysis  and,  where  necessary,  by  appropriate  simulation  or 
test. 

USER  -  The  external  individual  or  group  that  receive  services  from  the  NAS 
(e.g..  Pilot,  Air  Carrier,  General  Aviation,  Military,  Law  Enforcement 
Agencies) . 

VISUAL  FLIGHT  RULES  ( VFR)  -  Rules  that  govern  the  procedures  for  conducting 
flight  under  visual  conditions. 


GL-2 


ACRONYM 

ACCC 

ACF 

ARSR 

ASR 

ATC 

ATCCC 

ATCT 

DoO 

BVCS 

FAA 

FAATC 


ACRONYMS /ABBREVIATIONS 

MEMIH2 

Area  Control  Computer  Complex 

Area  Control  Facility 

ACF  Maintenance  Control  Center 

Air  Route  Surveillance  Radar 

Airport  Surveillance  Radar 

Air  Traffic  Control 

Air  Traffic  control  Command  Center 

Airport  Traffic  Control  Tower 

Department  of  Defense 

Emergency  Voice  Communication  System 

Federal  Aviation  Administration 
FAA  Technical  Center 


GMCC  GNAS  Maintenance  Control  Center 

GNAS  General  NAS  Airway  Facilities  Sector 


ICSS  Integrated  Communications  Switching  System 

IFR  Instrument  Flight  Rules 


MBO 

MCC 

MCCP 

MCCP-MMC 

MDT 

MPS 


Military  Base  Operations 
Maintenance  Control  Center 
Maintenance  Control  Center  Processor 
MCCP-Maintenance  Monitor  Console 
Maintenance  Data  Terminal 
Maintenance  Processing  System 


NADIN 

NAS 

NASSRS 

NARACS 

NAVAIDS 

NICS 

NMCC 

NMPS 


National  Data  Interchange  Network 
National  Airspace  System 

National  Airspace  System-System  Requirements 
Specification 

National  Radio  Communications  System 
Navigation  Aids 

NAS  Interfacility  Communications  System 
National  Military  Command  Center 
National  Maintenance  Processing  System 


RCE 

RCF 

RMMS 

RMS 


Radio  Control  Equipment 
Remote  Communications  Facility 
Remote  Maintenance  Monitoring  System 
Remote  Monitoring  Subsystem 


TCCC 

TCS 

TMC 

TMP 

TMS 

TMVS 


Tower  Control  Computer  Complex 
Tower  Communication  System 
Traffic  Management  Coordinator 
Traffic  Management  Processor 
Traffic  Management  System 
Traffic  Management  Voice  Switch 


UHF 


Ultra  High  Frequency 


VFR 

VHF 

VSCS 


Visual  Flight  Rules 
Very  High  Frequency 
Voice  Switching  and  Control  System 
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